Authorization mechanism
Abstract
A central authorization mechanism allows an employee of one company to use computing resources of another company based on a mapping of the user's role in one company to a corresponding role in another company based on equivalence of respective privileges associated with the roles.
16 Claims
1. A collaborative authorization process, comprising
   defining a set of roles in a first system,
   identifying a set of privileges corresponding to each of said roles in said first system,
   establishing a mapping of each role to corresponding privileges in a second system, and
   at runtime automatically granting access to a user according to privileges in the second system to which the user's role in the first system maps.
6. A collaborative authorization process, comprising
   defining a set of roles in a first enterprise,
   identifying a set of privileges corresponding to each said role in said first enterprise,
   establishing a mapping of the role to a corresponding role in a second enterprise having a corresponding set of privileges,
   establishing a directory correlating the user ID with his or her role in the first enterprise, and
   at runtime automatically granting access to the user based on privileges associated with the role in the second enterprise to which said role in the first enterprise maps.
7. A collaborative authorization process, comprising
   mapping a set of roles in one system onto a set of roles in another system according to the equivalence of their respective privileges, to establish a role-mapping from one enterprise to another,
   when a user in one enterprise applies for authorization to gain access to a resource in the other system, identifying the user's role in said one system and using the pre-existing role-mapping to ascertain the corresponding role, with corresponding privileges in the other system, and then
   based on the privileges conferred on the corresponding role in the other system, granting or denying the user access to the resource.
12. A collaborative authorization process, comprising
   defining a set of privileges in a first system,
   establishing a mapping of each said set of privileges to corresponding roles in a second system, and
   at runtime automatically granting access to a user according to privileges associated with the roles in the second system to which the user's set of privileges in the first system maps.
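The flow recited in claims 6 and 7 (a role mapping built from privilege equivalence, a directory lookup, then a runtime grant or deny), sketched as an added Python example that is not taken from the patent. All role, privilege, user and resource names are constructed, and the privilege-equivalence table and the deny-when-unmapped behaviour are assumptions of this sketch.

```python
# Added illustration; every name and value below is constructed.
FIRST_ROLES = {            # role -> privileges in the first enterprise
    "buyer":    {"po.create", "po.view"},
    "auditor":  {"po.view"},
    "sysadmin": {"po.create", "po.view", "host.admin"},
}
SECOND_ROLES = {           # role -> privileges in the second enterprise
    "procurement": {"order:write", "order:read"},
    "read_only":   {"order:read"},
}
# Assumed equivalence between the two enterprises' privilege names.
PRIV_EQUIV = {"po.create": "order:write", "po.view": "order:read"}
# Directory correlating user ID with role in the first enterprise.
DIRECTORY = {"alice": "buyer", "bob": "auditor", "carol": "sysadmin"}
# Privilege each second-enterprise resource requires.
RESOURCE_NEEDS = {"orders/new": "order:write", "orders/list": "order:read"}


def build_role_mapping(first, second, equiv):
    """Map each first-enterprise role to the second-enterprise role whose
    privilege set is exactly equivalent; other roles stay unmapped."""
    mapping = {}
    for role, privs in first.items():
        if not privs <= set(equiv):
            continue  # some privilege has no counterpart: leave role unmapped
        translated = {equiv[p] for p in privs}
        matches = [r for r, p in second.items() if p == translated]
        if len(matches) == 1:  # ambiguous or missing match: leave unmapped
            mapping[role] = matches[0]
    return mapping


# Mapping is established ahead of time, not per request.
ROLE_MAP = build_role_mapping(FIRST_ROLES, SECOND_ROLES, PRIV_EQUIV)


def authorize(user_id, resource):
    """Runtime decision: directory lookup, role mapping, privilege check.
    A missing link anywhere in the chain results in denial."""
    first_role = DIRECTORY.get(user_id)
    second_role = ROLE_MAP.get(first_role)
    needed = RESOURCE_NEEDS.get(resource)
    if second_role is None or needed is None:
        return False
    return needed in SECOND_ROLES[second_role]
```

Here `sysadmin` holds a privilege with no counterpart in the second enterprise, so it is left unmapped and its users are denied instead of being rounded up to the nearest role.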
Specification